Aviation cyber security
Cyber security in aviation as part of the overall safety of the aviation system
What is meant by cyber security?
Aviation cyber security refers to aviation operators and service providers identifying and managing information security risks to information and communications technology systems and data used in civil aviation that have or may have an impact on aviation safety or aviation security, as well as strengthening the resilience of the aviation system.
Cyber security aims to achieve a reliable cyber operating environment with safe and secure operations. Cyber security risks are dynamic in nature. This means that attackers aim to exploit vulnerabilities in many different ways, and these vulnerabilities can rapidly compromise cyber security. The aviation system is a widely interlinked system of systems, which requires the aviation industry and operators to maintain up-to-date awareness of direct and indirect cyber security threats. The constantly changing threat environment encourages organisations to take a proactive and dynamic approach to cyber security. The aim of the regulatory work and oversight by the aviation authority is to ensure that aviation operators and service providers have sufficient capacity for aviation cyber security management in a continuously changing operating environment.
Role of Traficom
On a national level, Finland complies with the Cyber Security Strategy 2019 and the Cyber Security Development Programme published in 2021, which extensively discuss cyber security in different sectors of society. Finland's cyber security strategy is currently being revised. The consultation round for the revised cyber security strategy runs from 12 June to 9 August 2024.
In Finland, official cyber security obligations are divided between several different authorities. Traficom's National Cyber Security Centre Finland is the national cyber security centre. Within aviation, its responsibilities include the CERT (Computer Emergency Response Team) activities, preventing information security violations, and providing information and advice on information security matters. The National Cyber Security Centre Finland is also responsible, among other things, for the operations of the ISAC Information Sharing Groups.
Traficom acts as Finland's Civil Aviation Authority and is responsible for a wide range of official duties in aviation under normal and exceptional situations. Its responsibilities include maintaining the Finnish Aviation Safety Programme, the Finnish Plan for Aviation Safety and the national risk picture of aviation. As part of the safety management of Finnish aviation, Traficom oversees aviation organisations. Currently, the role of the aviation authority is increasingly expanding towards partnership and interaction in the spirit of continuous improvement. Both Traficom and the National Cyber Security Centre Finland provide cyber security advice and guidance to aviation organisations.
Information about aviation cyber security
This website provides information on how cyber security is taken into account in the Finnish aviation system. You will find information on cyber security regulation and obligations that apply to aviation organisations in managing the cyber security of their operations. The website also describes how aviation cyber security is managed on the national level and how the aviation authority implements its official obligations in overseeing the cyber security of aviation organisations. The pages also offer instructions and good practices, in addition to a Q&A section.